Traditionally, a workplace can be defined as one centralized location in which business or professional functions are performed. With the introduction and adaptations to information and communication technologies, the definition of the workplace continues to evolve. The definition of the traditional workplace is quickly being replaced with employees working anywhere they can be most efficient and productive, for example, at home, on an airplane, or at the office. With this increase in workplace locations per employee, the risk of unauthorized access to company confidential data also increases. Inhibiting unauthorized access to company confidential data inside or outside the company premises is a critical task for individuals and organizations alike.
One technique to inhibit the unauthorized access to company confidential data inside or outside the company premises involves the use of Security Policies. Security Policies are documents containing sets of regulations, which mandate how an organization will manage, protect and distribute company confidential information. For example, a security policy may state that an employee may not remove digital data from within the company premises.
Another technique to inhibit the unauthorized intrusions to company confidential data inside or outside the company premises may involve employing file encryption protection on the confidential data. File encryption protection is the process of encoding or decoding data so that individuals will be unable to read the data if they are not provided authorization to view the files. Authorization to view the files is generally granted by the application of passwords.
However, there are problems with the prior art Security Policy and File Encryption techniques. Security Policies can be very difficult and expensive to enforce Security Polices can be hard to enforce with regards to digital data because digital data can be relatively easy to download to small portable devices, such as, compact disks (CDs), Digital Video Disks (DVDs), and portable hard drives. Once downloaded, it is very difficult to detect whether a storage device, such as a CD, that is being carried in an employee's briefcase contains his favorite music or the company's latest engineering design. Even if the technology exists to perform the aforementioned detection, the level of intrusion and the impact on employee morale make such detection unpalatable for most companies.
With regards to file encryption, there are problems with this technique as well. As mentioned earlier, authorization to encrypted files often requires employing a password for decryption. The passwords can be easily lost, stolen or cracked, thereby compromising the security of the confidential data.